Wednesday, April 24, 2013

Targets of Opportunity

#dbir

...Is one of the findings in #Verizon's 2013 Data Breach Investigations Report, which is chuck full of interesting data. 75% of the attack victims were selected because they had a weakness that an attacker knew how to exploit rather than being specifically chosen. The difficulty of the initial compromise was low for 68% of the breaches meaning the attackers used basic methods or automated tools and scripts. It also means that there are sloppy configurations, needless services and exposed vulnerabilities that are bringing this attention.

Overall, the report covers 47,000 reported security incidents, of which, there were 621 confirmed data breaches. This is important since they focus on the 621 confirmed data loss incidents rather than the 47,000 reports. There will probably be a ton of articles reporting the results but a good place to start is securosis.com with their How to Use the 2013 Verizon Data Breach Investigations Report. This is a great primer for the document.

There is a pretty even distribution of industries hit from financial to retail and restaurants to manufacturing, transportation and utilities to government and defense contractors. The overwhelming majority of attacks are perpetrated by outsiders at 92% of the confirmed data breaches with insiders at 14%. Interestingly, for all reports (the 47,000 not just the 621 confirmed) insiders accounted for 69% of the incidents. Typically this was due to carelessness rather than criminal misuse. 76% of the network intrusions exploited weak or stolen credentials and most often, the attack was driven by financial motives at 75%.

Some other interesting data for me was that 66% of the breaches remained undiscovered for months or more and 69% of those were discovered by outside entities. So organizations are in the dark about their intrusions, and it takes an outsider to point it out. It's like those people who drive away with the gas hose still hooked to their tank.

I was also curious about breaches as a result of BYOD. Not many. In 2011 they only saw 1 breach that involved personally owned devices and only a couple more in 2012. They will keep watching and do expect that it may increase but for now, so far so good. Could be because while BYOD is a hot topic, most surveys indicate that only around half the organizations are digging in.

There is a ton more valuable data in the report and it is an easy, fun read for 63 pages of stats. Right on page 2 they say, 'Some organizations will be a target regardless of what they do, but most become a target because of what they do. If your organization is indeed a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go.' Put it on your list.